From: jmattax@clanspum.net
To: freebsd-pf@freebsd.org
Date: Sun, 22 Jul 2012 18:49:05 -0500
Subject: PF suddenly malfunctioned

A few weeks ago (I've been trying to debug it myself since then) my pf firewall stopped working fully correctly. The symptom is that I can no longer access a variety of websites when I'm behind the firewall. I have verified that I can access all of the affected websites from outside my firewall. I have since stripped down my firewall (and general home server) so that it is no longer running named, sshguard or any useful firewalling rules in an attempt to figure out what was broken, but have been unable to do so.
Attached are my current /etc/pf.conf and /etc/rc.conf; to ensure that these are the configurations being used, as of my last test I restarted the system and am still getting the same behavior. This behavior started sometime around a storm at my house, but since the firewall can see the websites that the computers behind it can't, I don't believe the hardware is an issue. Also, some websites (like anything Google hosts) are just fine.

Also, so people can see what my kernel thinks, I've attached the output of a couple of commands below.

[root@ ~]# pfctl -s rules
No ALTQ support in kernel
ALTQ related functions disabled
pass in quick all flags S/SA keep state
pass out quick all flags S/SA keep state

[root@ ~]# pfctl -s nat
No ALTQ support in kernel
ALTQ related functions disabled
nat on xl0 inet from 10.11.10.0/24 to any -> 192.168.0.200

[root@stilgar ~]# ifconfig
re0: flags=8843 metric 0 mtu 1500
        options=389b
        ether 90:e6:ba:60:9a:33
        inet 10.11.10.1 netmask 0xffffff00 broadcast 10.11.10.255
        media: Ethernet autoselect (100baseTX )
        status: active
xl0: flags=8843 metric 0 mtu 1500
        options=82009
        ether 00:01:03:d1:fa:90
        inet 192.168.0.200 netmask 0xffffff00 broadcast 192.168.0.255
        media: Ethernet autoselect (100baseTX )
        status: active
plip0: flags=8810 metric 0 mtu 1500
ipfw0: flags=8801 metric 0 mtu 65536
lo0: flags=8049 metric 0 mtu 16384
        options=3
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=3
pflog0: flags=141 metric 0 mtu 33152

I would be very appreciative of any suggestions anyone can offer.

Jason Mattax
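As an added example (not code from the original mail, nor from pf or FreeBSD), here is a small Python consistency check that parses the "pfctl -s nat" rule and the "ifconfig" output quoted in the mail and verifies that the NAT translation address is really configured on the external interface and that some internal interface sits on the translated source network. The input strings are constructed from the mail's own output; the function and regex names are my own.

```python
import ipaddress
import re
# Constructed input: the pfctl -s nat rule and (trimmed) ifconfig lines from the mail.
PFCTL_NAT = "nat on xl0 inet from 10.11.10.0/24 to any -> 192.168.0.200"
IFCONFIG = """\
re0: flags=8843 metric 0 mtu 1500
        inet 10.11.10.1 netmask 0xffffff00 broadcast 10.11.10.255
xl0: flags=8843 metric 0 mtu 1500
        inet 192.168.0.200 netmask 0xffffff00 broadcast 192.168.0.255
lo0: flags=8049 metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
"""

NAT_RE = re.compile(r"^nat on (\S+) inet from (\S+) to (\S+) -> (\S+)$")
IFACE_RE = re.compile(r"^(\w+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]+)")

def parse_ifconfig(text):
    """Return {ifname: [IPv4Interface, ...]} parsed from ifconfig output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            ifaces.setdefault(current, [])
            continue
        m = INET_RE.match(line)
        if m and current:
            prefix = bin(int(m.group(2), 16)).count("1")  # 0xffffff00 -> 24
            ifaces[current].append(ipaddress.ip_interface(f"{m.group(1)}/{prefix}"))
    return ifaces

def check_nat_rule(rule, ifaces):
    """Return findings (empty list = rule consistent with the interface setup)."""
    m = NAT_RE.match(rule.strip())
    if not m:
        return ["rule is not in the expected 'nat on IF inet from SRC to DST -> ADDR' form"]
    ext_if, src, _dst, target = m.groups()
    src_net = ipaddress.ip_network(src, strict=False)
    target_ip = ipaddress.ip_address(target)
    findings = []
    # The translation address must actually be configured on the external interface.
    if target_ip not in [a.ip for a in ifaces.get(ext_if, [])]:
        findings.append(f"translation address {target} is not configured on {ext_if}")
    # Some interface other than the external one must sit on the translated source network.
    inside = [n for n, addrs in ifaces.items() if n != ext_if and any(a.ip in src_net for a in addrs)]
    if not inside:
        findings.append(f"no internal interface has an address in {src}")
    return findings
```

For the configuration posted in the mail, check_nat_rule(PFCTL_NAT, parse_ifconfig(IFCONFIG)) returns an empty list, so the NAT rule and interface addressing agree and this check alone does not explain the fault.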